Question
I'm trying to integrate Jenkins with AWS CodeCommit. Jenkins is running on an AWS EC2 Instance with Ubuntu 14.04.
I followed this blog post: http://blogs.aws.amazon.com/application-management/post/Tx1C8B98XN0AF2E/Integrating-AWS-CodeCommit-with-Jenkins
The problem is that sudo -u jenkins aws configure isn't executed because the jenkins user has no permissions.
What would you do?
The following commands aren't working either:
sudo -u jenkins git config --global credential.helper '!aws codecommit credential-helper $@'
sudo -u jenkins git config --global credential.useHttpPath true
sudo -u jenkins git config --global user.email "me@mycompany.com"
sudo -u jenkins git config --global user.name "MyJenkinsServer"
What rights does the jenkins user need?
Thanks in advance.
Answer 1:
I was able to achieve this integration using SSH. To some extent, I followed these instructions: Setting up for CodeCommit
Assuming Jenkins Home is /var/lib/jenkins/
Create an ssh key on the Jenkins EC2 instance (/var/lib/jenkins/.ssh/id_rsa)
ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id_rsa -N ""
Upload the public key to an IAM user (IAM user must have CodeCommit access)
aws iam upload-ssh-public-key --user-name <username> --ssh-public-key-body file:///var/lib/jenkins/.ssh/id_rsa.pub
Collect the SSHPublicKeyID when you upload the key
{
    "SSHPublicKey": {
        "UserName": "jenkins",
        "Status": "Active",
        "SSHPublicKeyBody": "ssh-rsa <rsa-key> <host>\n",
        "UploadDate": "2015-09-02T19:18:24.309Z",
        "Fingerprint": "xxx",
        "SSHPublicKeyId": "APK***"
    }
}
Create/modify SSH config file
Host git-codecommit.*.amazonaws.com
    User APK*******
    IdentityFile /var/lib/jenkins/.ssh/id_rsa
    StrictHostKeyChecking no
Where the APK*** is the value of the Key ID retrieved in step 3
- Copy or move this file to /var/lib/jenkins/.ssh/config (or wherever Jenkins is installed on your EC2 instance)
- Ensure 'jenkins' user has 0600 permissions to /var/lib/jenkins/.ssh directory
- Create a Jenkins job as described in the blog post you first used. For the repository URL, however, enter the SSH URL instead. (no credentials needed)
Answer 2:
After doing all of the above steps, if it still does not work, clone any branch within /var/lib/jenkins/.ssh. It will add a known host entry.
sudo -u jenkins git clone ssh://git-codecommit.<your-region>.amazonaws.com/v1/repos/<your test branch>
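Answer 1 depends on the permissions under /var/lib/jenkins/.ssh and sets StrictHostKeyChecking no, and Answer 2 depends on a known_hosts entry. The script below is an added example, not part of either answer, that audits those three points; the function names, the finding labels and the 0700 directory / 0600 key layout it expects are this example's assumptions.

```sh
#!/bin/sh
# Added example, not from the original answers: audit the SSH material that
# Jenkins uses for CodeCommit. /var/lib/jenkins/.ssh is the path from the page.

# First 10 characters of `ls -ld`, e.g. "drwx------" (the POSIX mode string).
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_ssh_dir DIR: prints one finding per line; status 0 = clean, 1 = findings.
# The body is a subshell "( )" so its variables do not leak into the caller.
audit_ssh_dir() (
    dir=$1; key=$dir/id_rsa; cfg=$dir/config; rc=0
    finding() { echo "$1"; rc=1; }

    # Directory: the owner needs rwx (x to enter it); nobody else gets access.
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        finding "dir-mode: $dir should be 0700"

    # Private key: ssh refuses a key that group or others can access.
    if [ -f "$key" ]; then
        case "$(mode_of "$key")" in
            -r?-------) ;;
            *) finding "key-mode: $key should be 0600" ;;
        esac
    fi

    if [ -f "$cfg" ]; then
        # Config: ssh rejects it when group or others can write to it.
        case "$(mode_of "$cfg")" in
            ?????w????|????????w?) finding "config-mode: $cfg is group/world writable" ;;
        esac
        # "no"/"off" makes ssh accept unknown and changed host keys silently.
        if grep -Eiq '^[[:space:]]*StrictHostKeyChecking[[:space:]=]+(no|off)([[:space:]]|$)' "$cfg"; then
            finding "host-key: StrictHostKeyChecking is disabled in $cfg"
        fi
    fi

    # No known_hosts means no pinned CodeCommit host key to compare against.
    [ -s "$dir/known_hosts" ] ||
        finding "known-hosts: $dir/known_hosts is missing or empty"

    exit "$rc"
)

# Run against a directory given on the command line, e.g. /var/lib/jenkins/.ssh
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```

Run it as root or as the jenkins user so the files are readable. The host-key finding clears once the config uses StrictHostKeyChecking yes and the recorded host key has been compared with the CodeCommit server fingerprints that AWS publishes.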
Source: https://stackoverflow.com/questions/31566005/access-aws-codecommit-from-jenkins-running-on-ec2-ubuntu